IM use does involve security vulnerabilities, but they are probably of greater concern for corporations, where many people use messaging to communicate both internally and externally.
You should be safe if you follow a few precautions -- it's similar to the rules you follow in order to prevent getting a virus through e-mail.
Here are a few ways to avoid making your system vulnerable when using IM:
- Never accept file transfers from people you don't know
- Make sure that the contacts you add are actually your friends -- anyone can create any username
- Set your preferences so that you can only accept messages from contacts you have added to your list
- Never send personal information in messages (your address, real name, any bank account details and so on)
- If you use a computer that is used by other people, don't select the option that allows you to log on without typing a password